Audit: add severity to plain and table output #11702

Merged
merged 1 commit into from Dec 19, 2023


glaubinix
Contributor

Resolves: #11633

Output with plain format

composer audit --format=plain
The new audit.abandoned setting (currently defaulting to "report" will default to "fail" in Composer 2.7, make sure to set it to "report" or "ignore" explicitly by then if you do not want this.
Found 1 security vulnerability advisory affecting 1 package:
Package: api-platform/core
Severity: high
CVE: CVE-2023-25575
Title: CVE-2023-25575: Secured properties may be accessible within collections
URL: https://github.com/api-platform/core/security/advisories/GHSA-vr2x-7687-h6qv
Affected versions: >=2.6.0,<2.7.10|>=3.0.0,<3.0.12|>=3.1.0,<3.1.3
Reported at: 2023-02-28T10:37:00+00:00

Output with table format

composer audit --format=table
The new audit.abandoned setting (currently defaulting to "report" will default to "fail" in Composer 2.7, make sure to set it to "report" or "ignore" explicitly by then if you do not want this.
Found 1 security vulnerability advisory affecting 1 package:
+-------------------+----------------------------------------------------------------------------------+
| Package           | api-platform/core                                                                |
| Severity          | high                                                                             |
| CVE               | CVE-2023-25575                                                                   |
| Title             | CVE-2023-25575: Secured properties may be accessible within collections          |
| URL               | https://github.com/api-platform/core/security/advisories/GHSA-vr2x-7687-h6qv     |
| Affected versions | >=2.6.0,<2.7.10|>=3.0.0,<3.0.12|>=3.1.0,<3.1.3                                   |
| Reported at       | 2023-02-28T10:37:00+00:00                                                        |
+-------------------+----------------------------------------------------------------------------------+

Output with json format

No changes required as this just outputs the data from the Composer repository.

@Seldaek Seldaek added this to the 2.7 milestone Dec 19, 2023
@Seldaek Seldaek merged commit 86cd364 into composer:main Dec 19, 2023
20 checks passed
@Seldaek
Member

Seldaek commented Dec 19, 2023

Thanks

theoboldalex pushed a commit to theoboldalex/composer that referenced this pull request Jan 10, 2024
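
A severity gate over the plain format shown in this pull request, as an added example that is not part of the PR or of Composer's code. The function names, the severity scale (low, medium, high, critical) and the rule that each `Package:` line opens a new record are assumptions; the second sample record is constructed.

```python
import re

# Assumed severity scale (the page only shows "high"). Unknown or missing
# values rank above everything so the gate fails closed.
SEVERITY_RANK = {"low": 1, "medium": 2, "high": 3, "critical": 4}
FIELD = re.compile(
    r"^(Package|Severity|CVE|Title|URL|Affected versions|Reported at): ?(.*)$")

# First record is the output quoted in the PR; the summary line and second record are constructed.
SAMPLE = """\
Found 2 security vulnerability advisories affecting 2 packages:
Package: api-platform/core
Severity: high
CVE: CVE-2023-25575
Title: CVE-2023-25575: Secured properties may be accessible within collections
URL: https://github.com/api-platform/core/security/advisories/GHSA-vr2x-7687-h6qv
Affected versions: >=2.6.0,<2.7.10|>=3.0.0,<3.0.12|>=3.1.0,<3.1.3
Reported at: 2023-02-28T10:37:00+00:00
Package: example/constructed-package
Severity: low
CVE: (constructed, none)
Title: Constructed advisory for illustration
Affected versions: <1.0.0
"""

def parse_plain_audit(text):
    """Split plain-format audit output into one dict per advisory."""
    advisories = []
    for line in text.splitlines():
        m = FIELD.match(line.strip())
        if not m:
            continue  # banner, summary and any other non-field lines
        key, value = m.groups()
        if key == "Package":
            advisories.append({})  # assumption: a Package line opens a record
        if advisories:
            advisories[-1][key] = value
    return advisories

def blocking(advisories, threshold="high"):
    """Return advisories at or above threshold; unknown severities always block."""
    floor = SEVERITY_RANK[threshold]
    return [a for a in advisories
            if SEVERITY_RANK.get(a.get("Severity", "").lower(), 99) >= floor]

if __name__ == "__main__":
    for a in blocking(parse_plain_audit(SAMPLE)):
        print(f"{a['Package']}: {a.get('Severity')} {a.get('CVE')}")
```

Output from a Composer version that predates this change has no `Severity:` line, so every advisory in it is treated as blocking.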
Successfully merging this pull request may close these issues.

[feature] composer audit add severity